Description
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that session's identifier.
Remediation
References
Related Vulnerabilities
Drupal Core 8.x Multiple Vulnerabilities (8.0.0 - 8.4.4)
WordPress Plugin Author Manager Multiple Vulnerabilities (1.0)
PHP Other Vulnerability (CVE-2009-4017)
WordPress Plugin WP eCommerce 'cart_messages[]' Parameter Cross-Site Scripting (3.8.6)
Oracle Application Server Other Vulnerability (CVE-2002-0569)